package xyz.xdxx152.springsecuritydemo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
//                设置自定义登陆界面
                .loginPage("/login.html")
//                使我们的登陆表单aciton和spring security登陆逻辑绑定
                .loginProcessingUrl("/login")
//                登陆成功后发起一个post请求到"/toMain"
                .successForwardUrl("/toMain");


        // 除了login页面，其余的请求都必须经过认证
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll()
                .anyRequest().authenticated();

        // 关闭csrf防护
        http.csrf().disable();
    }

    @Bean
    public PasswordEncoder getPwEncoder(){
        return new BCryptPasswordEncoder();
    }
}
